COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-61500

CVE-2026-61500

Severity
critical
Source
NVD · cve
Published
2026-07-13
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-61500
⚡ RCE shame 85/100 rceunpatchedexploited-in-wild

Rejetto HFS 3.0.0-3.2.0 uses a weak random number generator to sign session cookies, allowing attackers to forge admin access and execute remote code.

This critical vulnerability stems from Rejetto HFS using a non-cryptographic Math.random() function to derive session cookie signing keys, enabling attackers to reconstruct the generator state and forge administrator session cookies. This leads to full administrative access and remote code execution via the server_code configuration feature, posing a severe risk to DIB organizations relying on Rejetto HFS for security controls. Immediate patching and vendor accountability are required to prevent unauthorized administrative access and potential data exfiltration.

Shame score — Using a non-cryptographic random number generator for security-critical session signing is a fundamental design flaw that enables remote code execution.

Description

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's state, recover the signing key, and forge a valid administrator session cookie, leading to full administrative access and remote code execution via the server_code configuration feature.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.